2017 SME Cyber Threats

29 Dec 2016

Despite their small size and the common misconception by SME owners that they are not at risk from cyber threats, the reality is very different. It is because of their size and smaller budgets that make them a popular target for criminals. So what are the threats to SMEs in 2017 likely to be?

Ransomware

As we have seen, 2016 was the Year of Ransomware and it is unlikely to change significantly next year. Enterprise-targeted ransomware attacks have become mainstream and will continue to be a major threat, while new methods of attack may include exploiting vulnerable web servers as an entry point to gain access into an organisation's network. Ransomware-as-a-service, custom ransomware for sale in dark markets, and creative derivatives from open-source ransomware code will also pose a significant threat. We also expect Mobile ransomware to continue to grow.

Internet of Things (IoT)

The IoT encompasses thousands of types of devices in every industry. IoT should be thought as networks of devices enabling and offering services, many of which are cloud-based. The threat is multifaceted; ranging from ransomware to cloud. IoT devices will also be useful attack vectors into control, surveillance, and information systems, as seen with the recent Mirai malware.

Cloud Services

During the past few years, the rapidly growing use of cloud services and an increase of new devices are challenging traditional methods of protecting everything digital. Increasing amounts of sensitive data and business-critical processes are shifting to public and hybrid clouds. Attackers are adapting to this shift and will seeks to attack cloud infrastructure.

BEC & BPC

Simple-but-effective Business Email Compromise (BEC) attacks will continue to grow, while we will begin to see more hard-hitting Business Process Compromise (BPC) attacks like the US$81-million Bangladesh Bank heist.

Third Parties

Third parties such as vendors and contractors pose a risk to companies. Most have no secure system or dedicated team in place to manage these third-party employees. High-profile breaches of US chains Wendy’s and Target illustrate how cyber criminals have become increasingly sophisticated.

The Risk Portal allows users to visualise information in a unique and instantly understandable way.
Mapping filters enable the visualisation of incidents by threat category, time period, perpetrator and target type.

Risk Portal users can upgrade their accounts to include the Report Builder and Country Profile Generator features.
The Report Builder allows users to select information, data and images from the Risk Portal and create bespoke reports and emails.